TITLE:
Privacy Preserving Risk Mitigation Approach for Healthcare Domain
AUTHORS:
Shaden S. Al Aqeeli, Mznah A. Al-Rodhaan, Yuan Tian, Abdullah M. Al-Dhelaan
KEYWORDS:
Access Control, Healthcare, HIPAA, Risk-Aware, Risk Mitigation
JOURNAL NAME:
E-Health Telecommunication Systems and Networks, Vol.7 No.1, March 29, 2018
ABSTRACT: In the healthcare domain, protecting the electronic
health record (EHR) is crucial for preserving the privacy of the patient. To
help protect the sensitive data, access control mechanisms can be utilized to
restrict access to only legitimate users. However, an issue arises when the
authorized users abuse their access privileges and violate privacy preferences
of the patients. While traditional access control schemes fall short of
defending against the misbehavior of authorized users, risk-aware access
control models can provide adaptable access to the system resources based on
assessing the risk of an access request. When an access request is deemed
risky, but within acceptable thresholds, risk mitigation strategies can be
applied to minimize the calculated risk. This paper proposes a risk-aware,
privacy-preserving risk mitigation approach that can be utilized in the
healthcare domain. The risk mitigation approach controls the patient’s medical
data that can be exposed to healthcare professionals, according to their trust
level as well as the risk incurred by such data exposure, by developing a novel
Risk Measure formula. The developed Risk Measure is proven to manage the risk
effectively. Furthermore, Risk Mitigation Data Disclosure algorithms, RIMIDI0
and RIMIDI1, which utilize the developed risk measures, are proposed.
Experimental results show the
feasibility and effectiveness of the proposed method in preserving the privacy
preferences of the patient. Since the proposed approach exposes the patient’s
data that are relevant to the ongoing medical procedure while preserving the
privacy preferences, positive outcomes can be realized, which will ultimately
bring forth quality healthcare services.